Just recently @XVortex pointed out you can poke a memory value to sort of spoof the system firmware version, so I tried what he said and put together a Enable_VR.bin payload (load the HEN payload and then load the VR payload because the Web exploit will say invalid import map, or use this idc.zip modified IDC exploit to launch it as I have added the 5.05 sections so it does not complain about import map) to poke the offset and found it allowed my VR headset to work.